How to append netsh firewall rules, not just replace
I’m not sure, but I guess you use PowerShell to loop over the array $IPArray and want to add every IP in this array to be the Remote IP of the firewall rule Block External IP’s.
If this is correct, the problem is that netsh does not have the option to add an IP; any set remoteip= command overwrites the previous entry. Therefore you overwrite the remote IP with every iteration of your loop.
I think the solution is easy: Loop over the array as before, but combine all entries from $IPArray to a string, separated by ",". The string then should look like this: 192.168.1.1,52.3.7.8
Finally, issue one netsh command and specify this string as the remote IP parameter like this (given you name the variable RemoteIPString):
netsh.exe advfirewall firewall set rule name="Block External IP's" new remoteip="$RemoteIPString"
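The approach described in this answer, as an added PowerShell example that is not part of the original post: it validates and de-duplicates the entries, joins them with commas, and splits the list when it would exceed a length budget, which is the limit raised in the comments. The function names, the $MaxChars budget, the $Apply dry-run switch and the "(2)", "(3)" overflow rule names are assumptions made for illustration; the overflow rules are assumed to exist already.

```powershell
# Added example, not from the original post. Sample addresses are constructed.
$IPArray  = @('192.168.1.1', '52.3.7.8', '52.3.7.8', '10.0.0.0/8', '1', 'not-an-ip')
$RuleName = "Block External IP's"  # rule name from the question
$MaxChars = 8000                   # assumed per-command budget, not a documented netsh limit
$Apply    = $false                 # set to $true in an elevated session to run netsh

function Test-RemoteIPEntry {
    param([string]$Entry)
    $addr, $prefix = $Entry -split '/', 2
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($addr, [ref]$ip)) { return $false }
    $isV4 = $ip.AddressFamily -eq 'InterNetwork'
    # TryParse accepts shorthand such as '1' (0.0.0.1); require a full dotted quad for IPv4
    if ($isV4 -and $ip.ToString() -ne $addr) { return $false }
    if ($null -eq $prefix) { return $true }
    $maxPrefix = if ($isV4) { 32 } else { 128 }
    return ($prefix -match '^\d{1,3}$') -and ([int]$prefix -le $maxPrefix)
}

function Get-RemoteIPChunks {
    param([string[]]$Addresses, [int]$Limit)
    # Trim, de-duplicate and drop anything that is not an address or CIDR range
    $clean = $Addresses | ForEach-Object { $_.Trim() } | Sort-Object -Unique |
        Where-Object {
            if (Test-RemoteIPEntry $_) { $true } else { Write-Warning "Skipping '$_'"; $false }
        }
    $chunks = @(); $current = ''
    foreach ($entry in $clean) {
        # Start a new chunk when adding ",entry" would exceed the budget
        if ($current -and (($current.Length + 1 + $entry.Length) -gt $Limit)) {
            $chunks += $current; $current = ''
        }
        $current = if ($current) { "$current,$entry" } else { $entry }
    }
    if ($current) { $chunks += $current }
    return ,$chunks
}

$chunks = Get-RemoteIPChunks -Addresses $IPArray -Limit $MaxChars
for ($i = 0; $i -lt $chunks.Count; $i++) {
    # Overflow chunks go to rules named "<name> (2)", "<name> (3)", ... (assumed to exist)
    $name = if ($i -eq 0) { $RuleName } else { "$RuleName ($($i + 1))" }
    if (-not $Apply) { Write-Output "Would set rule '$name' remoteip=$($chunks[$i])"; continue }
    # One set call per rule, so the whole list is written at once instead of being overwritten
    netsh.exe advfirewall firewall set rule name="$name" new remoteip="$($chunks[$i])"
    if ($LASTEXITCODE -ne 0) { Write-Warning "netsh failed for rule '$name'" }
}
```

With $Apply left at $false the script only prints the list each rule would receive, so the joined string can be reviewed before the rule is changed.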
Zombian
Updated on September 18, 2022
Comments
-
Zombian over 1 year
I am using a script to set firewall rules in netsh.
netsh.exe advfirewall firewall set rule name="Block External IP's" new remoteip="$($ipArray[0])"
I thought that set was used so that it would append the rule rather than replace it. However, it wrote over the previous ip's in the list and replaced it with the very last ip in the array. How can I rewrite this so that it adds to the rules rather than replaces them? Thank you so much for your time and help.
-
Zombian almost 12 years
I found this which basically says that netsh is not capable of adding ip's. So the only option I would have is to keep a list in a text file and run a script that writes to the file and then reads from it, importing all the addresses? That seems crazy. social.technet.microsoft.com/Forums/en-US/winserverManagement/…
-
Zombian almost 12 years
Thank you. It'd be so much easier if Windows allowed users to add to the list rather than it being overridden by default. Looks like I have to change my script to write to another file and then have the rule read from it. Seems tortuous.
-
bfritz over 9 years
Only issue with this: I'm trying to ban 6 thousand IP's (TorNetwork) and hitting a command line character limit. So the only option would be to figure out how to append to an existing rule.